Activating FIPS Mode

You can configure WS_FTP Server to run in FIPS-validated mode.

FIPS (Federal Information Processing Standard) is a standard published by the U.S. National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce. NIST works to establish various standards that the U.S. military and various government agencies must abide by. Therefore, vendors, contractors, and any organization working with the government and military must also comply with these standards where they are required. Additionally, although FIPS is a U.S.-developed standard, the Canadian government has similar policies requiring FIPS-validated software.

WS_FTP Server FIPS mode includes Triple DES, AES, and HMAC SHA-1. Other modes of encryption are not supported, as specified by FIPS 140-2.

To configure WS_FTP Server to run in FIPS-validated mode:

  1. Go to Server Settings > System Details.
  2. Select the Cryptographic Module checkbox.
  3. Navigate to the Services page.
  4. Select the checkboxes next to each service.
  5. Click the Restart button.

After restart, FIPS-validated mode will be activated.

Note: With FIPS mode activated, non-FIPS connections will still be allowed, unless other connection modes are turned off. To restrict WS_FTP Server to FIPS-validated connections, you need to change the settings as described in the following procedure.

FIPS-related security settings:

  1. Shut off all insecure listeners (with only FTPS and SFTP listeners remaining).
  2. In the Server Manager, select Server > Listeners. The Listeners page opens.
  3. Click the IP address of the listener you want to open. The Edit Listener page opens.
  4. Click Edit SSL Settings. The Listener Encryption Settings page opens.
    1. For SSL type, select SSL Enabled (or Implicit SSL).
    2. Select the appropriate SSL certificate. You may need to create one.
    3. For SSL security level, select Enable TLS Only.
    4. Click Save.
  5. Navigate to Host > Host Settings > SSL Settings.
    1. For Minimum SSL level, select 128 or 256.
    2. Select Force SSL.
    3. Click Save.
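
An added example (not part of the WS_FTP Server documentation): a Python check that audits the protocol, cipher and key size a listener negotiates against the settings above. The function names, the port 990 default and the matching on OpenSSL-style cipher names are assumptions.

```python
import socket
import ssl

# Assumption: the page's bulk ciphers (Triple DES, AES) matched against the
# OpenSSL-style suite names that Python's ssl module reports.
APPROVED_BULK = ("AES", "3DES", "DES-CBC3")


def audit_negotiation(version, cipher_name, secret_bits, min_bits=128):
    """Return findings for one negotiated session; an empty list means it
    matches Enable TLS Only, the page's cipher list and the minimum level."""
    findings = []
    if not version or not version.startswith("TLS"):
        findings.append(f"protocol {version} is not TLS")
    name = cipher_name.upper().replace("_", "-")
    if not any(token in name for token in APPROVED_BULK):
        findings.append(f"cipher {cipher_name} is not AES or Triple DES")
    if secret_bits < min_bits:
        findings.append(f"{secret_bits}-bit key is below minimum {min_bits}")
    return findings


def probe_implicit_ftps(host, port=990, min_bits=128, timeout=5.0):
    """Handshake with an Implicit SSL listener and audit what this client
    negotiated. Port 990 is an assumed default; use the listener's port."""
    ctx = ssl.create_default_context()
    # Only the negotiated parameters are audited here, so a self-created
    # certificate does not abort the handshake; validate trust separately.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return audit_negotiation(tls.version(), name, bits, min_bits)


if __name__ == "__main__":
    # Constructed sample sessions (version, cipher name, secret bits).
    samples = [("TLSv1.2", "AES256-SHA", 256), ("TLSv1", "RC4-SHA", 128),
               ("SSLv3", "AES128-SHA", 128)]
    for version, name, bits in samples:
        print(version, name, audit_negotiation(version, name, bits) or "OK")
```

The probe reports only what this client and the listener agree on; pass min_bits=256 when the host's Minimum SSL level is set to 256.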